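<?php
	/*
	 * Product update handler.
	 *
	 * Reads the product form fields and the uploaded picture from the request,
	 * updates the matching row of the Product table, stores the picture as
	 * picture/<ID>.<extension>, then redirects to store-myproducts.php whether
	 * or not the update was applied.
	 */
	include('secure_db.php');
	session_start();

	/*
	 * NOTE(review): the session is started but nothing visible in this file checks
	 * that the caller is logged in, owns the product identified by ID, or sent an
	 * anti-CSRF token. Unless secure_db.php enforces this, any client able to reach
	 * this script can overwrite any product row and picture -- confirm and add the
	 * checks here (plus an owner condition in the WHERE clause).
	 */

	/* Every form field must be present and be a plain string (not an array). */
	$champs_requis = array('Name', 'Price', 'Availability', 'Category', 'Description', 'ID');
	$formulaire_complet = true;
	foreach ($champs_requis as $champ) {
		if (!isset($_POST[$champ]) || !is_string($_POST[$champ])) {
			$formulaire_complet = false;
			break;
		}
	}

	/*
	 * ID ends up in a file path below, so it must be digits only: this rejects
	 * "../", slashes and NUL bytes before they can reach move_uploaded_file().
	 */
	$id_valide = $formulaire_complet && preg_match('/^[0-9]+$/D', $_POST['ID']) === 1;

	/* Single-file upload that completed without error and fits the 1 MB limit. */
	$upload_valide = isset($_FILES['Picture']['error'], $_FILES['Picture']['size'],
	                       $_FILES['Picture']['name'], $_FILES['Picture']['tmp_name'])
		&& $_FILES['Picture']['error'] === UPLOAD_ERR_OK
		&& is_string($_FILES['Picture']['name'])
		&& is_uploaded_file($_FILES['Picture']['tmp_name'])
		&& $_FILES['Picture']['size'] <= 1000000;

	if ($id_valide && $upload_valide) {

		/* The client-supplied file name is used only to read its extension. */
		$infosfichier = pathinfo($_FILES['Picture']['name']);
		$extension_upload = isset($infosfichier['extension']) ? strtolower($infosfichier['extension']) : '';

		/* Allowed extensions mapped to the file signature the content must start with. */
		$signatures_autorisees = array(
			'png'  => "\x89PNG\r\n\x1a\n",
			'jpeg' => "\xFF\xD8\xFF",
			'jpg'  => "\xFF\xD8\xFF",
		);

		$contenu_valide = false;
		if (isset($signatures_autorisees[$extension_upload])) {
			/*
			 * The extension is attacker-controlled, so also sniff the leading bytes.
			 * This is a sanity check, not a full image validation.
			 */
			$signature = $signatures_autorisees[$extension_upload];
			$entete = file_get_contents($_FILES['Picture']['tmp_name'], false, null, 0, strlen($signature));
			$contenu_valide = ($entete === $signature);
		}

		if ($contenu_valide) {
			$id_produit = (int) $_POST['ID'];

			include("connection_mysqli.php");
			$req = $connexion->prepare('UPDATE Product
									  SET price=?, name=?, description=?, availability=?, category=?, picture_type=?
									  WHERE ID=?');

			if ($req !== false) {
				/*
				 * NOTE(review): Secure::db() is defined outside this file. The values
				 * are bound parameters, so if it escapes for SQL they would be escaped
				 * twice -- confirm what it does before keeping or dropping it.
				 */
				$val1 = Secure::db($_POST['Price']);
				$val2 = Secure::db($_POST['Name']);
				$val3 = Secure::db($_POST['Description']);
				/* Anything other than the exact string 'oui' is stored as 'non'. */
				$val4 = ($_POST['Availability'] === 'oui') ? 'oui' : 'non';
				$val5 = Secure::db($_POST['Category']);
				$val6 = $extension_upload;
				$val7 = $id_produit;
				$req->bind_param("dsssssi", $val1, $val2, $val3, $val4, $val5, $val6, $val7);

				/* Store the picture only when the row update succeeded, so both stay in sync. */
				if ($req->execute()) {
					$destination = 'picture/' . $id_produit . '.' . $extension_upload;
					move_uploaded_file($_FILES['Picture']['tmp_name'], $destination);
				}

				$req->close();
			}
			$connexion->close();
		}
	}

	header('Location: store-myproducts.php');
	exit;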
